![]() ![]() If you are migrating an existing iFrame from Customizations to Trusted Origins, see 3. These instructions are for embedding a new page or resource in an iFrame using Trusted Origins. Embed an Okta sign-in page or Okta resource in an iFrame Migrate from Customizations iFrame to Trusted Origins 1. Embed Okta End-User Dashboard in an iFrameģ. Embed an Okta sign-in page or Okta resource in an iFrameĢ. You can either create a new Trusted Origin or migrate an existing iFrame to Trusted Origins:ġ. This ensures that your existing iFrames are not unintentionally broken. We recommend that you first embed all Trusted Origins you need and then turn off the Customizations option, if you have enabled it. Trusted origins for iFrame embedding work only when the iFrame embedding under Customizations > Other > Enable iFrame Embedding is not in use. When x-frame-options is set to SAMEORIGIN, the resource can only be displayed in a frame on the same origin as the page itself.įor developer documentation, see Trusted Origins API. In the absence of CSP and x-frame-options, the resource can be embedded by anyone into any site. Browsers that support CSP frame-ancestors directive enforce it and give it precedence over x-frame-options. Whether or not the CSP frame-ancestors directive is enforced depends on the user’s browser. Trusted Origins lets you configure an origin which is returned by Okta in the frame-ancestors directive of the CSP header. Its frame-ancestors directive specifies parent pages that may embed a page using an iFrame. ![]() Trusted Origins use Content Security Policy’s (CSP) frame-ancestors directive. However, with Trusted Origins you can ensure that only the origins you trust can embed your resources. With the Customizations option, any resource can be embedded into any site. This method is more secure than the current iFrame Embedding option in Customizations that is based on x-frame-options. Using Trusted Origins for iFrame embedding, you can allow origins that you trust to embed Okta sign-in pages and Okta resources. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |